-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | doc/guide.html | 183 | ||||
-rw-r--r-- | doc/guide.tex | 16 | ||||
-rw-r--r-- | src/ejabberd.cfg.example | 1 | ||||
-rw-r--r-- | src/ejabberd_sm.erl | 86 |
5 files changed, 139 insertions, 156 deletions
@@ -1,3 +1,12 @@ +2006-05-21 Mickael Remond <mickael.remond@process-one.net> + + * src/ejabberd_sm.erl: An option to limit the number of opened sessions + for a given user have been added. As a default, a given user can only + log in 10 times with different resources. After that, new connections + replace the older ones. + * src/ejabberd.cfg.example: Likewise. + * doc/guide.tex: Likewise. + 2006-05-15 Mickael Remond <mickael.remond@process-one.net> * src/web/ejabberd_http_poll.erl: Timeout disconnection were not diff --git a/doc/guide.html b/doc/guide.html index cd2723de7..6dedae731 100644 --- a/doc/guide.html +++ b/doc/guide.html 
@@ -55,105 +55,6 @@ BLOCKQUOTE{margin-left:4ex;margin-right:4ex;text-align:left;} <H2 CLASS="section">Contents</H2><!--SEC END --> -<UL CLASS="toc"><LI CLASS="li-toc"> -<A HREF="#htoc1">1 Introduction</A> -<UL CLASS="toc"><LI CLASS="li-toc"> -<A HREF="#htoc2">1.1 Key Features</A> -<LI CLASS="li-toc"><A HREF="#htoc3">1.2 Additional Features</A> -</UL> -<LI CLASS="li-toc"><A HREF="#htoc4">2 Installation from Source</A> -<UL CLASS="toc"><LI CLASS="li-toc"> -<A HREF="#htoc5">2.1 Installation Requirements</A> -<UL CLASS="toc"><LI CLASS="li-toc"> -<A HREF="#htoc6">2.1.1 “Unix-like” operating systems</A> -<LI CLASS="li-toc"><A HREF="#htoc7">2.1.2 Windows</A> -</UL> -<LI CLASS="li-toc"><A HREF="#htoc8">2.2 Obtaining <TT>ejabberd</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc9">2.3 Compilation</A> -<UL CLASS="toc"><LI CLASS="li-toc"> -<A HREF="#htoc10">2.3.1 “Unix-like” operating systems</A> -<LI CLASS="li-toc"><A HREF="#htoc11">2.3.2 Windows</A> -</UL> -<LI CLASS="li-toc"><A HREF="#htoc12">2.4 Starting</A> -</UL> -<LI CLASS="li-toc"><A HREF="#htoc13">3 Configuration</A> -<UL CLASS="toc"><LI CLASS="li-toc"> -<A HREF="#htoc14">3.1 Initial Configuration</A> -<UL CLASS="toc"><LI CLASS="li-toc"> -<A HREF="#htoc15">3.1.1 Host Names</A> -<LI CLASS="li-toc"><A HREF="#htoc16">3.1.2 Default Language</A> -<LI CLASS="li-toc"><A HREF="#htoc17">3.1.3 Access Rules</A> -<LI CLASS="li-toc"><A HREF="#htoc18">3.1.4 Shapers</A> -<LI CLASS="li-toc"><A HREF="#htoc19">3.1.5 Listened Sockets</A> -<LI CLASS="li-toc"><A HREF="#htoc20">3.1.6 Modules</A> -<LI CLASS="li-toc"><A HREF="#htoc21">3.1.7 Virtual Hosting</A> -<LI CLASS="li-toc"><A HREF="#htoc22">3.1.8 SASL anonymous and anonymous login</A> -</UL> -<LI CLASS="li-toc"><A HREF="#htoc23">3.2 Relational Database Support</A> -<UL CLASS="toc"><LI CLASS="li-toc"> -<A HREF="#htoc24">3.2.1 Authentication against a relational database</A> -<LI CLASS="li-toc"><A HREF="#htoc25">3.2.2 Relational database for other modules</A> -</UL> -<LI CLASS="li-toc"><A 
HREF="#htoc26">3.3 Creating an Initial Administrator</A> -<LI CLASS="li-toc"><A HREF="#htoc27">3.4 Online Configuration and Monitoring</A> -<UL CLASS="toc"><LI CLASS="li-toc"> -<A HREF="#htoc28">3.4.1 Web Interface</A> -<LI CLASS="li-toc"><A HREF="#htoc29">3.4.2 <TT>ejabberdctl</TT></A> -</UL> -</UL> -<LI CLASS="li-toc"><A HREF="#htoc30">4 Firewall Settings</A> -<LI CLASS="li-toc"><A HREF="#htoc31">5 SRV Records</A> -<LI CLASS="li-toc"><A HREF="#htoc32">6 Clustering</A> -<UL CLASS="toc"><LI CLASS="li-toc"> -<A HREF="#htoc33">6.1 How it Works</A> -<UL CLASS="toc"><LI CLASS="li-toc"> -<A HREF="#htoc34">6.1.1 Router</A> -<LI CLASS="li-toc"><A HREF="#htoc35">6.1.2 Local Router</A> -<LI CLASS="li-toc"><A HREF="#htoc36">6.1.3 Session Manager</A> -<LI CLASS="li-toc"><A HREF="#htoc37">6.1.4 s2s Manager</A> -</UL> -<LI CLASS="li-toc"><A HREF="#htoc38">6.2 Clustering Setup</A> -</UL> -<LI CLASS="li-toc"><A HREF="#htoc39">A Built-in Modules</A> -<UL CLASS="toc"><LI CLASS="li-toc"> -<A HREF="#htoc40">A.1 Overview</A> -<LI CLASS="li-toc"><A HREF="#htoc41">A.2 Common Options</A> -<UL CLASS="toc"><LI CLASS="li-toc"> -<A HREF="#htoc42">A.2.1 <TT>iqdisc</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc43">A.2.2 <TT>hosts</TT></A> -</UL> -<LI CLASS="li-toc"><A HREF="#htoc44">A.3 <TT>mod_announce</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc45">A.4 <TT>mod_disco</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc46">A.5 <TT>mod_echo</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc47">A.6 <TT>mod_irc</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc48">A.7 <TT>mod_last</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc49">A.8 <TT>mod_muc</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc50">A.9 <TT>mod_muc_log</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc51">A.10 <TT>mod_offline</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc52">A.11 <TT>mod_privacy</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc53">A.12 <TT>mod_private</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc54">A.13 <TT>mod_pubsub</TT></A> -<LI CLASS="li-toc"><A 
HREF="#htoc55">A.14 <TT>mod_register</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc56">A.15 <TT>mod_roster</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc57">A.16 <TT>mod_service_log</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc58">A.17 <TT>mod_shared_roster</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc59">A.18 <TT>mod_stats</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc60">A.19 <TT>mod_time</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc61">A.20 <TT>mod_vcard</TT></A> -<LI CLASS="li-toc"><A HREF="#htoc62">A.21 <TT>mod_version</TT></A> -</UL> -<LI CLASS="li-toc"><A HREF="#htoc63">B Internationalization and Localization</A> -<LI CLASS="li-toc"><A HREF="#htoc64">C Release Notes</A> -<UL CLASS="toc"><LI CLASS="li-toc"> -<A HREF="#htoc65">C.1 ejabberd 0.9</A> -<LI CLASS="li-toc"><A HREF="#htoc66">C.2 ejabberd 0.9.1</A> -<LI CLASS="li-toc"><A HREF="#htoc67">C.3 ejabberd 0.9.8</A> -<LI CLASS="li-toc"><A HREF="#htoc68">C.4 ejabberd 1.0.0</A> -<LI CLASS="li-toc"><A HREF="#htoc69">C.5 ejabberd 1.1.0</A> -<LI CLASS="li-toc"><A HREF="#htoc70">C.6 ejabberd 1.1.1</A> -</UL> -<LI CLASS="li-toc"><A HREF="#htoc71">D Acknowledgements</A> -</UL> <!--TOC section Introduction--> @@ -631,9 +532,9 @@ Currently next modules are implemented: <TR><TD VALIGN=top ALIGN=left NOWRAP> </TD> <TD VALIGN=top ALIGN=left NOWRAP>Options</TD> <TD VALIGN=top ALIGN=left><TT>access</TT>, <TT>certfile</TT>, <TT>inet6</TT>, - <TT>ip</TT>, <TT>max_stanza_size</TT>, <TT>shaper</TT>, <TT>ssl</TT>, - <TT>tls</TT>, <TT>starttls</TT>, <TT>starttls_required</TT>, - <TT>zlib</TT></TD> + <TT>ip</TT>, <TT>max_stanza_size</TT>, <TT>max_user_sessions</TT>, + <TT>shaper</TT>, <TT>ssl</TT>, <TT>tls</TT>, <TT>starttls</TT>, + <TT>starttls_required</TT>, <TT>zlib</TT></TD> </TR> <TR><TD VALIGN=top ALIGN=left NOWRAP><TT>ejabberd_s2s_in</TT></TD> <TD VALIGN=top ALIGN=left NOWRAP>Description</TD> 
@@ -694,9 +595,19 @@ If HTTP Polling is enabled, it will be available at <DT CLASS="dt-description"><B><TT>{max_stanza_size, Size}</TT></B><DD CLASS="dd-description"> This option specifies an approximate maximal size in bytes of XML stanzas. For example <CODE>{max\_stanza\_size, 65536}</CODE>. The default value - is “<TT>infinity</TT>”. - <DT CLASS="dt-description"><B><TT>{shaper, <access rule>}</TT></B><DD CLASS="dd-description"> This option defines a - shaper for the port (see section <A HREF="#sec:configshaper">3.1.4</A>). The default value + is “<TT>infinity</TT>”.<BR> +<BR> +<DT CLASS="dt-description"><B><TT>{max_user_sessions, Max}</TT></B><DD CLASS="dd-description"> This + option specifies the maximum number of sessions (authenticated + connections) per user. If a user tries to open more than the maximum + number of allowed sessions, with different resources, the first opened + session will be disconnected. The error “<TT>session replaced</TT>” is + send to the disconnected session. This value is either a number or + <TT>infinity</TT>. For example <CODE>{max\_user\_sessions, 10}</CODE>. The + default value is <TT>10</TT>.<BR> +<BR> +<DT CLASS="dt-description"><B><TT>{shaper, <access rule>}</TT></B><DD CLASS="dd-description"> This option defines a + shaper for the port (see section <A HREF="#sec:configshaper">??</A>). The default value is “<TT>none</TT>”. <DT CLASS="dt-description"><B><TT>ssl</TT></B><DD CLASS="dd-description"> This option specifies that traffic on the port will be encrypted using SSL. You should also set the 
@@ -741,7 +652,7 @@ c2s connections are listened for on port 5222 and 5223 (SSL) and denied traffic enabled. <LI CLASS="li-itemize">Port 5280 is serving the web interface and the HTTP Polling service. Note that it is also possible to serve them on different ports. The second - example in section <A HREF="#sec:webadm">3.4.1</A> shows how exactly this can be done. + example in section <A HREF="#sec:webadm">??</A> shows how exactly this can be done. <LI CLASS="li-itemize">All users except for the administrators have a traffic of limit 1,000 Bytes/second <LI CLASS="li-itemize">The @@ -836,7 +747,7 @@ services you have to make the transports log and do XDB by themselves: The option <TT>modules</TT> defines the list of modules that will be loaded after <TT>ejabberd</TT>'s startup. Each entry in the list is a tuple in which the first element is the name of a module and the second is a list of options for that -module. Read section <A HREF="#sec:modules">A</A> for detailed information about modules.<BR> +module. Read section <A HREF="#sec:modules">??</A> for detailed information about modules.<BR> <BR> Examples: <UL CLASS="itemize"><LI CLASS="li-itemize"> @@ -922,7 +833,7 @@ very special cases. It defaults to false.<BR> enabled. </UL> Those options are defined for each virtual host with the <TT>host_config</TT> -parameter (see section <A HREF="#sec:configvirtualhost">3.1.7</A>).<BR> +parameter (see section <A HREF="#sec:configvirtualhost">??</A>).<BR> <BR> Examples: <UL CLASS="itemize"><LI CLASS="li-itemize"> 
@@ -1043,10 +954,10 @@ Register an account on your <TT>ejabberd</TT> deployment. An account can be created in two ways: <OL CLASS="enumerate" type=a><LI CLASS="li-enumerate"> Using the tool <TT>ejabberdctl</TT> (see - section <A HREF="#sec:ejabberdctl">3.4.2</A>): + section <A HREF="#sec:ejabberdctl">??</A>): <PRE CLASS="verbatim"> % ejabberdctl node@host register admin example.org password -</PRE><LI CLASS="li-enumerate">Using In-Band Registration (see section <A HREF="#sec:modregister">A.14</A>): you can +</PRE><LI CLASS="li-enumerate">Using In-Band Registration (see section <A HREF="#sec:modregister">??</A>): you can use a Jabber client to register an account. </OL> <LI CLASS="li-enumerate">Edit the configuration file to promote the account created in the previous @@ -1074,11 +985,11 @@ Register an account on your <TT>ejabberd</TT> deployment. An account can be To perform online configuration of <TT>ejabberd</TT> you need to enable the <TT>ejabberd_http</TT> listener with the option <TT>web_admin</TT> (see -section <A HREF="#sec:configlistened">3.1.5</A>). Then you can open +section <A HREF="#sec:configlistened">??</A>). Then you can open <CODE>http://server:port/admin/</CODE> in your favourite web browser. You will be asked to enter the username (the <EM>full</EM> Jabber ID) and password of an <TT>ejabberd</TT> user with administrator rights. After authentication -you will see a page similar to figure <A HREF="#fig:webadmmain">1</A>. +you will see a page similar to figure <A HREF="#fig:webadmmain">??</A>. <BLOCKQUOTE CLASS="figure"><DIV CLASS="center"><DIV CLASS="center"><HR WIDTH="80%" SIZE=2></DIV> <IMG SRC="webadmmain.png"> 
@@ -1208,11 +1119,11 @@ You need to take the following TCP ports in mind when configuring your firewall: <TD ALIGN=left NOWRAP>s2s connections.</TD> </TR> <TR><TD ALIGN=left NOWRAP>4369</TD> -<TD ALIGN=left NOWRAP>Only for clustering (see <A HREF="#sec:clustering">6</A>).</TD> +<TD ALIGN=left NOWRAP>Only for clustering (see <A HREF="#sec:clustering">??</A>).</TD> </TR> <TR><TD ALIGN=left NOWRAP>port range</TD> -<TD ALIGN=left NOWRAP>Only for clustring (see <A HREF="#sec:clustering">6</A>). This range - is configurable (see <A HREF="#sec:starting">2.4</A>).</TD> +<TD ALIGN=left NOWRAP>Only for clustring (see <A HREF="#sec:clustering">??</A>). This range + is configurable (see <A HREF="#sec:starting">??</A>).</TD> </TR></TABLE> <DIV CLASS="center"><HR WIDTH="80%" SIZE=2></DIV></DIV></BLOCKQUOTE> <!--TOC section SRV Records--> @@ -1686,7 +1597,7 @@ hosts: to several resources, only the resource with the highest priority will receive the message. If the registered user is not connected, the message will be stored offline in assumption that offline storage - (see section <A HREF="#sec:modoffline">A.10</A>) is enabled. + (see section <A HREF="#sec:modoffline">??</A>) is enabled. <DT CLASS="dt-description"><B><TT>example.org/announce/online (example.org/announce/all-hosts/online)</TT></B><DD CLASS="dd-description">The message is sent to all connected users. If the user is online and connected to several resources, all resources will receive the message. 
@@ -1753,7 +1664,7 @@ Options: <B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies the processing discipline for Service Discovery (<TT>http://jabber.org/protocol/disco#items</TT> and <TT>http://jabber.org/protocol/disco#info</TT>) IQ queries -(see section <A HREF="#sec:modiqdiscoption">A.2.1</A>). +(see section <A HREF="#sec:modiqdiscoption">??</A>). <DT CLASS="dt-description"><B><TT>extra_domains</TT></B><DD CLASS="dd-description"> With this option, extra domains can be added to the Service Discovery item list. </DL> @@ -1800,7 +1711,7 @@ Options: <DL CLASS="description" COMPACT=compact><DT CLASS="dt-description"> <B><TT>hosts</TT></B><DD CLASS="dd-description"> This option defines the hostnames of the - service (see section <A HREF="#sec:modhostsoption">A.2.2</A>). If neither <TT>hosts</TT> nor + service (see section <A HREF="#sec:modhostsoption">??</A>). If neither <TT>hosts</TT> nor the old <TT>host</TT> is present, the prefix “<TT>echo.</TT>” is added to all <TT>ejabberd</TT> hostnames. @@ -1817,7 +1728,7 @@ Mirror, mirror, on the wall, who is the most beautiful ... ]}. </PRE><LI CLASS="li-itemize">If you still do not understand the inner workings of <TT>mod_echo</TT>, - you can find a few more examples in section <A HREF="#sec:modhostsoption">A.2.2</A>. + you can find a few more examples in section <A HREF="#sec:modhostsoption">??</A>. </UL> <!--TOC subsection <TT>mod_irc</TT>--> @@ -1850,7 +1761,7 @@ Options: <DL CLASS="description" COMPACT=compact><DT CLASS="dt-description"> <B><TT>hosts</TT></B><DD CLASS="dd-description"> This option defines the hostnames of the - service (see section <A HREF="#sec:modhostsoption">A.2.2</A>). If neither <TT>hosts</TT> nor + service (see section <A HREF="#sec:modhostsoption">??</A>). If neither <TT>hosts</TT> nor the old <TT>host</TT> is present, the prefix “<TT>irc.</TT>” is added to all <TT>ejabberd</TT> hostnames. 
@@ -1904,7 +1815,7 @@ Options: <DL CLASS="description" COMPACT=compact><DT CLASS="dt-description"> <B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies the processing discipline for Last activity (<TT>jabber:iq:last</TT>) IQ queries -(see section <A HREF="#sec:modiqdiscoption">A.2.1</A>). +(see section <A HREF="#sec:modiqdiscoption">??</A>). </DL> <!--TOC subsection <TT>mod_muc</TT>--> @@ -1928,7 +1839,7 @@ Options: <DL CLASS="description" COMPACT=compact><DT CLASS="dt-description"> <B><TT>hosts</TT></B><DD CLASS="dd-description"> This option defines the hostnames of the - service (see section <A HREF="#sec:modhostsoption">A.2.2</A>). If neither <TT>hosts</TT> nor + service (see section <A HREF="#sec:modhostsoption">??</A>). If neither <TT>hosts</TT> nor the old <TT>host</TT> is present, the prefix “<TT>conference.</TT>” is added to all <TT>ejabberd</TT> hostnames. @@ -2078,7 +1989,7 @@ This module implements offline message storage. This means that all messages sent to an offline user will be stored on the server until that user comes online again. Thus it is very similar to how email works. Note that <TT>ejabberdctl</TT> has a command to delete expired messages -(see section <A HREF="#sec:ejabberdctl">3.4.2</A>).<BR> +(see section <A HREF="#sec:ejabberdctl">??</A>).<BR> <BR> <!--TOC subsection <TT>mod_privacy</TT>--> @@ -2113,7 +2024,7 @@ Options: <DL CLASS="description" COMPACT=compact><DT CLASS="dt-description"> <B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies the processing discipline for Blocking Communication (<TT>jabber:iq:privacy</TT>) IQ queries -(see section <A HREF="#sec:modiqdiscoption">A.2.1</A>). +(see section <A HREF="#sec:modiqdiscoption">??</A>). </DL> <!--TOC subsection <TT>mod_private</TT>--> 
@@ -2132,7 +2043,7 @@ Options: <DL CLASS="description" COMPACT=compact><DT CLASS="dt-description"> <B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies the processing discipline for Private XML Storage (<TT>jabber:iq:private</TT>) IQ queries -(see section <A HREF="#sec:modiqdiscoption">A.2.1</A>). +(see section <A HREF="#sec:modiqdiscoption">??</A>). </DL> <!--TOC subsection <TT>mod_pubsub</TT>--> @@ -2166,7 +2077,7 @@ Options: <DL CLASS="description" COMPACT=compact><DT CLASS="dt-description"> <B><TT>hosts</TT></B><DD CLASS="dd-description"> This option defines the hostnames of the - service (see section <A HREF="#sec:modhostsoption">A.2.2</A>). If neither <TT>hosts</TT> nor + service (see section <A HREF="#sec:modhostsoption">??</A>). If neither <TT>hosts</TT> nor the old <TT>host</TT> is present, the prefix “<TT>pubsub.</TT>” is added to all <TT>ejabberd</TT> hostnames. @@ -2204,7 +2115,7 @@ Options: restrictions by default). <DT CLASS="dt-description"><B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies the processing discipline for In-Band Registration (<TT>jabber:iq:register</TT>) IQ queries -(see section <A HREF="#sec:modiqdiscoption">A.2.1</A>). +(see section <A HREF="#sec:modiqdiscoption">??</A>). </DL> Examples: <UL CLASS="itemize"><LI CLASS="li-itemize"> @@ -2252,7 +2163,7 @@ Options: <DL CLASS="description" COMPACT=compact><DT CLASS="dt-description"> <B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies the processing discipline for Roster Management (<TT>jabber:iq:roster</TT>) IQ queries -(see section <A HREF="#sec:modiqdiscoption">A.2.1</A>). +(see section <A HREF="#sec:modiqdiscoption">??</A>). </DL> <!--TOC subsection <TT>mod_service_log</TT>--> 
@@ -2439,7 +2350,7 @@ Options: <DL CLASS="description" COMPACT=compact><DT CLASS="dt-description"> <B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies the processing discipline for Statistics Gathering (<TT>http://jabber.org/protocol/stats</TT>) IQ queries -(see section <A HREF="#sec:modiqdiscoption">A.2.1</A>). +(see section <A HREF="#sec:modiqdiscoption">??</A>). </DL> As there are only a small amount of clients (for example <A HREF="http://tkabber.jabber.ru/">Tkabber</A>) and software libraries with @@ -2476,7 +2387,7 @@ Options: <DL CLASS="description" COMPACT=compact><DT CLASS="dt-description"> <B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies the processing discipline for Entity Time (<TT>jabber:iq:time</TT>) IQ queries -(see section <A HREF="#sec:modiqdiscoption">A.2.1</A>). +(see section <A HREF="#sec:modiqdiscoption">??</A>). </DL> <!--TOC subsection <TT>mod_vcard</TT>--> @@ -2493,13 +2404,13 @@ Options: <DL CLASS="description" COMPACT=compact><DT CLASS="dt-description"> <B><TT>hosts</TT></B><DD CLASS="dd-description"> This option defines the hostnames of the - service (see section <A HREF="#sec:modhostsoption">A.2.2</A>). If neither <TT>hosts</TT> nor + service (see section <A HREF="#sec:modhostsoption">??</A>). If neither <TT>hosts</TT> nor the old <TT>host</TT> is present, the prefix “<TT>vjud.</TT>” is added to all <TT>ejabberd</TT> hostnames. <DT CLASS="dt-description"><B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies the processing discipline for <TT>vcard-temp</TT> IQ queries -(see section <A HREF="#sec:modiqdiscoption">A.2.1</A>). +(see section <A HREF="#sec:modiqdiscoption">??</A>). <DT CLASS="dt-description"><B><TT>search</TT></B><DD CLASS="dd-description"> This option specifies whether the search functionality is enabled (value: <TT>true</TT>) or disabled (value: <TT>false</TT>). If disabled, the option <TT>hosts</TT> will be 
@@ -2557,7 +2468,7 @@ Options: <DL CLASS="description" COMPACT=compact><DT CLASS="dt-description"> <B><TT>iqdisc</TT></B><DD CLASS="dd-description"> This specifies the processing discipline for Software Version (<TT>jabber:iq:version</TT>) IQ queries -(see section <A HREF="#sec:modiqdiscoption">A.2.1</A>). +(see section <A HREF="#sec:modiqdiscoption">??</A>). </DL> <!--TOC section Internationalization and Localization--> @@ -2566,7 +2477,7 @@ the processing discipline for Software Version (<TT>jabber:iq:version</TT>) IQ q <A NAME="sec:i18nl10n"></A> All built-in modules support the <TT>xml:lang</TT> attribute inside IQ queries. -Figure <A HREF="#fig:discorus">2</A>, for example, shows the reply to the following query: +Figure <A HREF="#fig:discorus">??</A>, for example, shows the reply to the following query: <PRE CLASS="verbatim"> <iq id='5' to='example.org' @@ -2588,7 +2499,7 @@ Figure <A HREF="#fig:discorus">2</A>, for example, shows the reply to the f <A NAME="fig:discorus"></A> <DIV CLASS="center"><HR WIDTH="80%" SIZE=2></DIV></DIV></BLOCKQUOTE> The web interface also supports the <CODE>Accept-Language</CODE> HTTP header (compare -figure <A HREF="#fig:webadmmainru">3</A> with figure <A HREF="#fig:webadmmain">1</A>) +figure <A HREF="#fig:webadmmainru">??</A> with figure <A HREF="#fig:webadmmain">??</A>) <BLOCKQUOTE CLASS="figure"><DIV CLASS="center"><DIV CLASS="center"><HR WIDTH="80%" SIZE=2></DIV> <IMG SRC="webadmmainru.png"> @@ -3138,7 +3049,7 @@ END This release fix a security issue introduced in ejabberd 1.1.0. In SASL mode, anonymous login was enabled as a default. Upgrading ejabberd 1.1.0 to - ejabberd 1.1.1 is highly recommanded. + ejabberd 1.1.1 is highly recommended. ejabberd can be downloaded from the Process-one website: http://www.process-one.net/en/projects/ejabberd/ diff --git a/doc/guide.tex b/doc/guide.tex index 155c62b55..5e2bc1af4 100644 --- a/doc/guide.tex +++ b/doc/guide.tex 
@@ -526,9 +526,9 @@ Currently next modules are implemented: \begin{tabular}{|l|l|p{87mm}|} \hline \texttt{ejabberd\_c2s}& Description& Handles c2s connections.\\ \cline{2-3} & Options& \texttt{access}, \texttt{certfile}, \texttt{inet6}, - \texttt{ip}, \texttt{max\_stanza\_size}, \texttt{shaper}, \texttt{ssl}, - \texttt{tls}, \texttt{starttls}, \texttt{starttls\_required}, - \texttt{zlib}\\ + \texttt{ip}, \texttt{max\_stanza\_size}, \texttt{max\_user\_sessions}, + \texttt{shaper}, \texttt{ssl}, \texttt{tls}, \texttt{starttls}, + \texttt{starttls\_required}, \texttt{zlib}\\ \hline \texttt{ejabberd\_s2s\_in}& Description& Handles incoming s2s connections.\\ \cline{2-3} & Options& \texttt{inet6}, \texttt{ip}, @@ -574,6 +574,16 @@ The following options are available: option specifies an approximate maximal size in bytes of XML stanzas. For example \verb|{max\_stanza\_size, 65536}|. The default value is ``\term{infinity}''. + + \titem{\{max\_user\_sessions, Max\}} \ind{options!max\_user\_sessions}This + option specifies the maximum number of sessions (authenticated + connections) per user. If a user tries to open more than the maximum + number of allowed sessions, with different resources, the first opened + session will be disconnected. The error ``\term{session replaced}'' is + send to the disconnected session. This value is either a number or + \term{infinity}. For example \verb|{max\_user\_sessions, 10}|. The + default value is \term{10}. + \titem{\{shaper, <access rule>\}} \ind{options!shaper}This option defines a shaper for the port (see section~\ref{sec:configshaper}). The default value is ``\term{none}''. diff --git a/src/ejabberd.cfg.example b/src/ejabberd.cfg.example index 3a8fc9319..9b894de13 100644 --- a/src/ejabberd.cfg.example +++ b/src/ejabberd.cfg.example 
@@ -114,6 +114,7 @@ {listen, [{5222, ejabberd_c2s, [{access, c2s}, {shaper, c2s_shaper}, {max_stanza_size, 65536}, + {max_user_sessions, 10}, starttls, {certfile, "./ssl.pem"}]}, {5223, ejabberd_c2s, [{access, c2s}, {max_stanza_size, 65536}, diff --git a/src/ejabberd_sm.erl b/src/ejabberd_sm.erl index c9ed39b18..4e82e5632 100644 --- a/src/ejabberd_sm.erl +++ b/src/ejabberd_sm.erl @@ -42,6 +42,9 @@ -record(session, {sid, usr, us, priority}). -record(state, {}). +%% default value for the maximum number of user connections +-define(MAX_USER_SESSIONS, 10). + %%==================================================================== %% API %%==================================================================== @@ -63,6 +66,7 @@ route(From, To, Packet) -> open_session(SID, User, Server, Resource) -> set_session(SID, User, Server, Resource, undefined), + check_for_sessions_to_replace(User, Server, Resource), JID = jlib:make_jid(User, Server, Resource), ejabberd_hooks:run(sm_register_connection_hook, JID#jid.lserver, [SID, JID]). @@ -177,6 +181,7 @@ init([]) -> {"connected-users-number", "print a number of established sessions"}, {"user-resources user server", "print user's connected resources"}], ?MODULE, ctl_process), + {ok, #state{}}. %%-------------------------------------------------------------------- @@ -270,23 +275,7 @@ set_session(SID, User, Server, Resource, Priority) -> us = US, priority = Priority}) end, - mnesia:sync_dirty(F), - SIDs = mnesia:dirty_select( - session, - [{#session{sid = '$1', usr = USR, _ = '_'}, [], ['$1']}]), - if - SIDs == [] -> - ok; - true -> - MaxSID = lists:max(SIDs), - lists:foreach( - fun({_, Pid} = S) when S /= MaxSID -> - Pid ! replaced; - (_) -> - ok - end, SIDs) - end. - + mnesia:sync_dirty(F). clean_table_from_bad_node(Node) -> F = fun() -> 
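Review bot: The same-resource replacement that `set_session/5` used to perform is now reached only through `open_session/4`, where `check_for_sessions_to_replace(User, Server, Resource)` runs right after `set_session`. Any other caller of `set_session/5` no longer causes an older session with the same resource to be told `replaced`; no such caller is visible in these hunks, so this needs checking against the full file. The call order is also load-bearing: the new SID must already be in the session table so that `lists:max(SIDs)` keeps it and the per-user count includes it. A comment such as `%% must run after set_session/5 so the new SID is in the table and is kept as the newest` would record that. The matching removal is the later hunk at -270,23, whose enclosing `set_session/5` starts outside it.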
@@ -509,6 +498,69 @@ get_user_present_resources(LUser, LServer) -> S <- clean_session_list(Ss), is_integer(S#session.priority)] end. +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%% On new session, check if some existing connections need to be replace +check_for_sessions_to_replace(User, Server, Resource) -> + LUser = jlib:nodeprep(User), + LServer = jlib:nameprep(Server), + LResource = jlib:resourceprep(Resource), + + %% TODO: Depending on how this is executed, there could be an unneeded + %% replacement for max_sessions. We need to check this at some point. + check_existing_resources(LUser, LServer, LResource), + check_max_sessions(LUser, LServer). + +check_existing_resources(LUser, LServer, LResource) -> + USR = {LUser, LServer, LResource}, + %% A connection exist with the same resource. We replace it: + SIDs = mnesia:dirty_select( + session, + [{#session{sid = '$1', usr = USR, _ = '_'}, [], ['$1']}]), + if + SIDs == [] -> ok; + true -> + MaxSID = lists:max(SIDs), + lists:foreach( + fun({_, Pid} = S) when S /= MaxSID -> + Pid ! replaced; + (_) -> ok + end, SIDs) + end. + +check_max_sessions(LUser, LServer) -> + %% If the max number of sessions for a given is reached, we replace the + %% first one + SIDs = mnesia:dirty_select( + session, + [{#session{sid = '$1', usr = {LUser, LServer, '_'}, _ = '_'}, [], ['$1']}]), + MaxSessions = get_max_user_sessions(), + if length(SIDs) =< MaxSessions -> ok; + true -> {_, Pid} = lists:min(SIDs), + Pid ! replaced + end. 
+ + +%% Get the user_max_session setting +%% This option defines the max number of time a given users are allowed to +%% log in +%% This option is only used on c2s connections +%% Defaults to 10 +%% Can be set to infinity +get_max_user_sessions() -> + case ejabberd_config:get_local_option(listen) of + undefined -> ?MAX_USER_SESSIONS; + Listeners -> + case lists:keysearch(ejabberd_c2s, 2, Listeners) of + {value, {_Port, _Method, Opts}} -> + case lists:keysearch(max_user_sessions, 1, Opts) of + {value, {_, Max}} -> Max; + _ -> ?MAX_USER_SESSIONS + end; + _ -> ?MAX_USER_SESSIONS + end + end. + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% |
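Review bot: `get_max_user_sessions/0` returns the configured value unchecked, so `length(SIDs) =< MaxSessions` in `check_max_sessions/2` depends on Erlang term ordering, where every number sorts below every atom and list. That is what makes `infinity` work, but it also means a mistyped atom or a string in the config silently turns the per-user cap off. The clause could be `{value, {_, Max}} when is_integer(Max), Max > 0; Max == infinity -> Max;`, leaving other values to the existing `_ -> ?MAX_USER_SESSIONS` clause. `lists:keysearch(ejabberd_c2s, 2, Listeners)` reads only the first c2s listener, so the limit is effectively global and a value set on a later listener is ignored; the header comment should say so. When the count is above the limit only one session, `lists:min(SIDs)`, is sent `replaced`, so a user already several sessions over the limit stays over it.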